Log4Shell & Active Directory: The Five Routes To Domain Dominance

Whilst much has been written about Log4j and the potential impact to the applications that rely on the now infamous java library, little has been said about how attackers could leverage the flaw to gain control of your domain at the highest levels of privilege. For the purpose of this article, we will assume that you are familiar with Active Directory and that you understand its strategic position for information systems. We will discuss five major situations in which Log4Shell allow attackers to achieve complete domain domination over your Active Directory infrastructure. These five situations are not exhaustive and, beyond any doubt, there are many other compromise paths using similar concepts.

Get your free copy now!

I would like to receive marketing communications from Tenable regarding its products and services. You may opt-out of receiving our emails at any time by following the opt-out instructions included in the footer of the emails delivered to you or by visiting

Tenable's Subscription Center. You acknowledge that Tenable, our affiliates, and the third parties (as applicable) listed in our Privacy Policy may transfer your personal data outside of the European Economic Area ("EEA") in order to deliver marketing communications to you, and that countries outside of the EEA may not require the equivalent level of protection of your personal data. Tenable will only process your personal data as described in our Privacy Policy.

YesNo

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Log4Shell & Active Directory: The Five Routes To Domain Dominance

Log4Shell & Active Directory: The Five Routes To Domain Dominance

Leave a Reply
Cancel reply

Leave a Reply

Log4Shell & Active Directory: The Five Routes To Domain Dominance

Leave a Reply Cancel reply

Leave a Reply

Leave a Reply
Cancel reply